Search the Community
Showing results for tags 'self hosted'.
Found 1 result
Recently I deployed Bitwarden (https://bitwarden.com/) in Synology Docker and thought I would share my experience for others looking to do so. ***For experienced individuals comfortable with synology command line and linux environments with docker, I take no responsibility for any issues encountered*** ***Read fully before considering*** History: I've used a number of password managers (lastpass, keeper, keepass, etc) and still use some for professional reasons. For personal use I was using KeepassX so I could control the safe (in Dropbox) and did not want my personal data cloud hosted. I need it to run on linux, windows, osx as well as mobile (android) support. I also am a strong proponent of two factor authentication, keepass offers it but is a lackluster implementation. I wanted a more robust self hosted password manager that I could host on my synology. Feature Requirements: There is a number of things I wanted in my personal password management that Bitwarden offered over the others TOTP (Time Based One Time Passcode) Two factor authentication with Authy or Google Authenticator Self hosted password manager with central database stored on my synology Robust device and application support (Linux, Windows, OSX, IOS App, Android App, Browser integrations etc) Push syncing of changes so conflicts in password safe are avoided or less likely Secure software with good development (bitwarden has a cloud hosted solution as well as self hosted, so they are diligent in ensuring updates are made regularly https://help.bitwarden.com/security/ and community involvement is very good) Free for personal use and open source Setup Requirements: You will need to have the following requirements met to follow this guide: Latest XPenology/Synology: Currently on DSM 6.1.6-15266 with JUN'S LOADER v1.02b - DS3617xs Latest Synology Docker Package: Currently on 17.05.0-0370 (https://www.synology.com/en-global/dsm/packages/Docker) Your own public domain (in this use case I use a personal public facing domain with public DNS) An understanding of Domains, Extenal DNS, SSL Certificates (Lets Encrypt), Reverse Proxies, Linux/Synology cli, Docker Process: Please fully read the bitwarden self hosting documentation (https://help.bitwarden.com/article/install-on-premise/) before attempting any of these steps Create your bitwarden external DNS record (I used bw.<mydomain> this guides example will be bitwarden.domain.com) You have two options for your dns record: "A record" which is a record to the External IP address you use to reach your synology/xpenology device (eg: bitwarden.domain.com A record to Your public IP) "CNAME record" which is a record to the existing DNS Record of your synology/xpenology device (eg: bitwarden.domain.com CNAME record to nas.domain.com) Create an SSL Certificate using Lets Encrypt within DSM Certificate Manager Go to "Control Panel" -> "Security" -> "Certificate" -> "Add" "Add a new certificate" -> "Next" Description "Bitwarden Certificate", "Get a certificate by Lets Encrypt" -> "Next" Domain name: "bitwarden.domain.com", Email: "<your email address>" -> "Apply" Create a Reverse Proxy in DSM to the docker port used by bitwarden Go to "Control Panel" -> "Application Portal" -> "Reverse Proxy" -> "Create" Description: "Bitwarden https reverse proxy" Source: Protocol: "HTTPS", Hostname: "bitwarden.domain.com", Port: "443", HSTS and HTTP/2 "Unchecked" Destination: Protocol: "HTTP", Hostname: "localhost", Port: "8123" Associate Reverse Proxy with Certificate Go to "Control Panel" -> "Security" -> "Certificate" -> "Configure" Services: "bitwarden.domain.com" Certificate: "bitwarden.domain.com" -> "OK" Ensure docker is installed and collect docker folder location Install docker from the package manager Confirm docker shared folder location "File Station" -> folder "docker" right click properties and collect path (mine was "/volume1/docker" and will be referenced as the path in this article) SSH connect to synology/xpenology internal IP address or hostname as administrator account linux/osx terminal command: ssh admin@<nas internal ip or dns> (enter admin user password) windows use putty or bash for windows to connect (provide admin user and passwords as credentials) Switch to root user for docker access command: sudo su - (enter admin user password when prompted for password) Change to the docker folder command: cd /volume1/docker (or whatever your path to docker shared folder may be) Follow bitwarden self hosted setup procedure (reference https://help.bitwarden.com/article/install-on-premise/) Get a self hosting installation id and key here https://bitwarden.com/host copy these value to be used when running installation Import bitwarden.sh script command: curl -s -o bitwarden.sh \ https://raw.githubusercontent.com/bitwarden/core/master/scripts/bitwarden.sh \ && sudo chmod u+x bitwarden.sh Run installation using script command: ./bitwarden.sh install follow prompts in code block: root@nas:/volume1/docker# ./bitwarden.sh install _ _ _ _ | |__ (_) |___ ____ _ _ __ __| | ___ _ __ | '_ \| | __\ \ /\ / / _` | '__/ _` |/ _ \ '_ \ | |_) | | |_ \ V V / (_| | | | (_| | __/ | | | |_.__/|_|\__| \_/\_/ \__,_|_| \__,_|\___|_| |_| Open source password management solutions Copyright 2015-2018, 8bit Solutions LLC https://bitwarden.com, https://github.com/bitwarden =================================================== Docker version 17.05.0-ce, build 9f07f0e-synology docker-compose version 1.14.0, build c7bdf9e (!) Enter the domain name for your bitwarden instance (ex. bitwarden.company.com): bitwarden.domain.com (!) Do you want to use Let's Encrypt to generate a free SSL certificate? (y/n): n 1.17.2: Pulling from bitwarden/setup Digest: sha256:cf55e0288b6392ee9c35022089396c3c561773ddc963945f1afea8fce359757f Status: Image is up to date for bitwarden/setup:1.17.2 (!) Enter your installation id (get it at https://bitwarden.com/host): <my_installation_id> (!) Enter your installation key: <my_installation_key> (!) Do you have a SSL certificate to use? (y/n): n (!) Do you want to generate a self-signed SSL certificate? (y/n): n !!!!!! WARNING !!!!!! You are not using an SSL certificate. Bitwarden requires HTTPS to operate. You must front your installation with a HTTPS proxy. The web vault (and other Bitwarden apps) will not work properly without HTTPS. !!!!!!!!!!!!!!!!!!!!! Generating key for IdentityServer. Generating a 4096 bit RSA private key ....................................................................................++ ......................................++ writing new private key to 'identity.key' ----- (!) Do you want to use the default ports for HTTP (80) and HTTPS (443)? (y/n): n (!) HTTP port: 8123 (!) Is your installation behind a reverse proxy? (y/n): y (!) Do you use the default ports on your reverse proxy (80/443)? (y/n): y (!) Do you want to use push notifications? (y/n): y Building nginx config. Building docker environment files. Building docker environment override files. Building app settings. Building FIDO U2F app id. Building docker-compose.yml. Setup complete Once setup is complete you will need to create some missing folders (this is due to the docker version on synology not creating bind mount locations on container creation, likely a version bug) there should be a new folder creating in your /volume1/docker location called /volume1/docker/bwdata create the following folders in the bwdata directory from your current location (/volume1/docker location) command: mkdir bwdata/core bwdata/core/attachments command: mkdir bwdata/ca-certificates command: mkdir bwdata/logs bwdata/logs/admin bwdata/logs/api bwdata/logs/identity bwdata/logs/mssql bwdata/logs/nginx bwdata/logs/notifications bwdata/logs/icons command: mkdir bwdata/mssql bwdata/mssql/data bwdata/mssql/backups If there are any failures on the ./bitwarden.sh start stating "ERROR: for <container name> Cannot start service <container name>: Bind mount failed: '/volume1/docker/bwdata/<path>' does not exists" make sure to create that missing <path> specified in the error Run setup using script command: ./bitwarden.sh start if there are not missing folders as per notes above the service should now be running on port 8123 and reachable from your external dns entry https://bitwarden.domain.com Run updatedb using script command: ./bitwarden.sh updatedb this will run database migrations on bitwarden for any latest database changes to run Additional changes to consider: modify your bwdata/env/global.override.env for the following features add smtp email disable registrations after you create your accounts other override features specific to your use case restart containers after change to global environment vars Update bitwarden version: To update to the latest version run: command : ./bitwarden.sh updateself command: ./bitwarden.sh update Hopefully this guide is helpful to anyone looking to host bitwarden on their synology/xpenology device.